AWS SSO via SAML.
Four steps.
Federate AWS — Identity Center or legacy IAM — with Monosign in under fifteen minutes. Walk through the four steps below, then jump to the full guide for screenshots and version-specific notes.
- SAML 2.0
- AWS Identity Center + IAM
- ~6 minutes to read
From zero to AWS console sign-in.
This is the high-level shape of the setup. The docs have screenshots of every button.
- 01
Register AWS as a SAML service provider in Monosign
In the Monosign admin console, create a new SAML provider for AWS. Set the audience URI to urn:amazon:webservices and download Monosign's SAML metadata file — you will hand it to AWS in the next step.
Tip — Use Identity Center (the modern AWS SSO) for new tenants; the legacy IAM federation path still works but is in maintenance mode.
- 02
Configure AWS to trust Monosign as an IdP
In AWS IAM Identity Center (or IAM > Identity providers for IAM federation), import Monosign's metadata XML. AWS creates the trust relationship and the role mapping surface.
- 03
Map roles to Monosign groups
In AWS, attach a SAML role and define which Monosign groups are allowed to assume it. In Monosign, add the SAML attribute mappings (Role, RoleSessionName) that AWS expects in the assertion.
Tip — Stick to one Monosign group per AWS role to keep the matrix readable as your account count grows.
- 04
Test the round-trip
Sign in as a test user, click the AWS tile in Monosign, and confirm the assertion lands you in the AWS console with the expected permissions. Roll out to broader groups once the test user works end-to-end.
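Before widening the rollout, the test user's assertion can be checked for the values from steps 01 and 03. The following is an added example, not Monosign or AWS code: it assumes the IAM federation path, a decoded SAML response captured from the test sign-in, and AWS's documented attribute names; `check_assertion`, the account ID, and the role and provider names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
AUDIENCE = "urn:amazon:webservices"  # audience URI set in step 01
ATTR = "https://aws.amazon.com/SAML/Attributes/"
# Shape checks only; role names containing a comma are not handled.
ROLE_ARN = re.compile(r"arn:aws[\w-]*:iam::\d{12}:role/[\w+=.@/-]+")
IDP_ARN = re.compile(r"arn:aws[\w-]*:iam::\d{12}:saml-provider/[\w.-]+")
SESSION = re.compile(r"[\w+=,.@-]{2,64}")

# Constructed sample assertion (hypothetical account, role and provider names).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>urn:amazon:webservices</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::111122223333:role/ExampleAdmins,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
   <saml:AttributeValue>test.user@example.com</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of problems found in a decoded SAML response or assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    if AUDIENCE not in [a.text for a in root.iter(SAML + "Audience")]:
        problems.append("audience is not " + AUDIENCE)
    attrs = {a.get("Name"): [v.text or "" for v in a.iter(SAML + "AttributeValue")]
             for a in root.iter(SAML + "Attribute")}
    roles = attrs.get(ATTR + "Role", [])
    if not roles:
        problems.append("Role attribute missing")
    for value in roles:
        # Each value pairs one role ARN with one SAML provider ARN.
        parts = [p.strip() for p in value.split(",")]
        shaped = (len(parts) == 2 and any(map(ROLE_ARN.fullmatch, parts))
                  and any(map(IDP_ARN.fullmatch, parts)))
        if not shaped:
            problems.append("malformed Role value: " + value)
    names = attrs.get(ATTR + "RoleSessionName", [])
    if len(names) != 1 or not SESSION.fullmatch(names[0]):
        problems.append("RoleSessionName missing or invalid")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE) or "assertion shape OK")
```

This checks the shape of the assertion only; it does not verify the XML signature, which AWS validates against the imported metadata.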
The complete walkthrough — with every screenshot, every flag, and version-specific notes — lives in our help center.